The FBI is warning organizations using remote desktop sharing software to be careful after a Florida water system was allegedly hacked using TeamViewer, a popular desktop sharing program that even has use cases in pro AV.
Earlier this month, officials in the Florida city of Oldsmar said a water treatment facility was hacked after an unidentified actor accessed the plant’s supervisory control and data acquisition (SCADA) system using TeamViewer.
According to officials, the software was installed on one of several computers used by plant personnel to check the system status and respond to alarms. All operators allegedly used the same password for that software.
For a few different reasons, TeamViewer has garnered some negative headlines, with cybersecurity experts saying the platform is inherently insecure and prone to compromise.
However, taking the Florida water system case on its own, we see that some computers running the plant were operating on Windows 7, which is no longer supported by Microsoft. Also, operators sharing one password for a remote access program will make any IT professional sick.
We have no reason to believe TeamViewer is the only remote access program that can be compromised, but the FBI did call out the application in an alert, saying it is a “popular tool that has been exploited by cyber actors engaged in targeted social engineering attacks.”
“Beyond its legitimate uses, TeamViewer allows cyber actors to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs),” the alert said. “TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to RATs.”
For those familiar with the r/CommercialAV subreddit, check out this post in which one commercial AV professional said their company would begin looking at alternatives to TeamViewer.
Other users quickly followed up, saying that remote access software itself poses a risk: malicious actors can compromise a service provider, such as an AV integrator, through its use of this kind of software and thereby gain access to any customers on the other end of the connection.
Integrators should take steps to better secure their remote connections, including setting up multiple layers of security:
- Ensure robust antivirus and threat detection in the firm’s own corporate network
- Set up a remote connection via a VPN
- Enable multi-factor authentication
- Limit account permissions to only what is necessary
There are many remote access programs on the market, so do your homework and choose the provider with the best built-in security.